Route Origin Authorization

$ rpki-client -vvf rpki.co/repo/AS945/1/326131323a646434373a356430303a3a2f34302d3438203d3e20313939393536.roa
File:                     326131323a646434373a356430303a3a2f34302d3438203d3e20313939393536.roa (raw, json)
Hash identifier:          UPosf5hgdbfJ5qEG/7+FBZfQ4JQoYuNrU5DcdujU8ss=
Subject key identifier:   74:62:2E:7D:BD:6E:83:9B:98:0B:8C:BB:6B:32:34:12:FA:E9:2E:37
Certificate issuer:       /CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
Certificate serial:       61466FB7769B4BD38F1B128A2B8F2714EDDE4494
Authority key identifier: 66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6
Authority info access:    rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
Subject info access:      rsync://rpki.co/repo/AS945/1/326131323a646434373a356430303a3a2f34302d3438203d3e20313939393536.roa
Signing time:             Tue 17 Oct 2023 16:13:31 +0000
ROA not before:           Tue 17 Oct 2023 16:08:31 +0000
ROA not after:            Tue 15 Oct 2024 16:13:31 +0000
asID:                     199956
IP address blocks:        2a12:dd47:5d00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl
                          rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.mft
                          rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.crl
                          rsync://dev.tw/rpki/August/5/9D620B45C9098506AC4BF1184BEE6CDBE9D71C4C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nWILRckJhQasS_EYS-5s2-nXHEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:46:6f:b7:76:9b:4b:d3:8f:1b:12:8a:2b:8f:27:14:ed:de:44:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6604289C7E39E08E1AE1255CEE73C05BFD99F3E6
        Validity
            Not Before: Oct 17 16:08:31 2023 GMT
            Not After : Oct 15 16:13:31 2024 GMT
        Subject: CN=74622E7DBD6E839B980B8CBB6B323412FAE92E37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:3a:a5:1b:26:8d:63:d4:ba:ac:c0:23:17:8e:
                    66:3b:cb:8f:e4:db:a9:7c:a2:d7:5f:f0:9b:d9:58:
                    c1:dd:a0:20:5f:2e:c4:b3:0d:9d:45:34:84:f0:ef:
                    f2:0d:c4:f6:da:a8:e1:55:26:ef:78:ec:c6:d4:41:
                    db:3f:04:8e:f1:2a:81:f6:f7:10:b2:19:9b:03:f2:
                    23:e7:a5:28:f1:d2:69:40:81:d4:d2:df:27:36:a5:
                    dd:f6:69:fb:56:dd:f6:e3:54:49:e2:01:f1:73:65:
                    e6:64:03:25:fd:e1:ff:39:27:53:07:b8:f5:e8:3d:
                    74:c7:74:a9:d6:e4:58:72:53:b0:ba:19:49:91:3f:
                    6b:43:7e:58:54:6b:4e:4c:aa:a3:d7:31:9e:24:10:
                    a1:2a:c4:a8:b8:bb:85:93:2d:f4:2b:75:ad:3f:b6:
                    d9:16:11:ca:ac:83:47:88:7e:18:83:cc:90:54:98:
                    39:84:c0:f6:9a:dc:05:10:a5:1a:e6:bf:c5:4e:95:
                    55:3b:42:26:d3:d1:18:b5:ce:40:42:8e:0b:3b:6b:
                    6c:2b:9c:b9:f7:24:cd:fe:3f:5c:45:59:85:bb:d2:
                    62:f8:04:e7:2d:e3:65:13:cc:56:b6:2b:8f:d3:a8:
                    19:c9:08:36:22:74:ce:19:c6:44:cf:1e:6f:2b:f5:
                    0e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:62:2E:7D:BD:6E:83:9B:98:0B:8C:BB:6B:32:34:12:FA:E9:2E:37
            X509v3 Authority Key Identifier:
                keyid:66:04:28:9C:7E:39:E0:8E:1A:E1:25:5C:EE:73:C0:5B:FD:99:F3:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.co/repo/AS945/1/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://dev.tw/rpki/August/5/6604289C7E39E08E1AE1255CEE73C05BFD99F3E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.co/repo/AS945/1/326131323a646434373a356430303a3a2f34302d3438203d3e20313939393536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:dd47:5d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c8:d2:7c:e4:4b:9d:2c:8b:b0:5c:6e:23:fa:c1:73:7c:34:7b:
         7e:f0:ff:00:c4:ac:95:78:56:ae:40:81:8f:c3:1f:cb:4b:5b:
         70:73:ae:35:52:5b:1b:09:2e:73:08:7c:24:17:f1:9c:10:78:
         c6:e4:f2:94:05:15:76:5b:e7:2e:8e:95:2a:12:4a:21:d9:96:
         9c:0a:d2:67:c4:65:81:ad:6b:8d:87:f3:bc:4b:55:07:ca:9c:
         8d:b6:ac:e0:4a:6b:29:26:23:09:7b:e8:8a:32:db:9a:8f:02:
         22:9e:75:3f:86:b9:66:79:95:89:c5:f5:55:e3:8a:a1:32:71:
         93:7c:44:28:14:9e:3a:1f:bb:30:7a:98:cb:04:29:9e:5c:69:
         d8:31:93:62:65:15:fe:5a:93:18:45:ef:a3:9a:f9:5f:55:55:
         5e:b9:12:18:fe:2b:f3:b0:02:05:3c:f9:1b:f2:ce:32:cb:06:
         50:19:24:1f:3e:0e:d6:fb:86:c4:c2:8a:a9:e6:8d:a3:07:5e:
         7f:9b:88:0c:0d:dd:66:06:ba:88:73:b6:7a:4d:12:7a:ea:f9:
         28:95:33:6c:be:b7:0d:10:dc:7d:7e:85:18:8f:e9:94:3d:8b:
         20:b8:b2:75:59:3d:87:3a:81:85:bb:16:54:b7:f8:57:2a:2d:
         5a:7e:bc:5d
-----BEGIN CERTIFICATE-----
MIIEyTCCA7GgAwIBAgIUYUZvt3abS9OPGxKKK48nFO3eRJQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjYwNDI4OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJG
RDk5RjNFNjAeFw0yMzEwMTcxNjA4MzFaFw0yNDEwMTUxNjEzMzFaMDMxMTAvBgNV
BAMTKDc0NjIyRTdEQkQ2RTgzOUI5ODBCOENCQjZCMzIzNDEyRkFFOTJFMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtOqUbJo1j1LqswCMXjmY7y4/k
26l8otdf8JvZWMHdoCBfLsSzDZ1FNITw7/INxPbaqOFVJu947MbUQds/BI7xKoH2
9xCyGZsD8iPnpSjx0mlAgdTS3yc2pd32aftW3fbjVEniAfFzZeZkAyX94f85J1MH
uPXoPXTHdKnW5FhyU7C6GUmRP2tDflhUa05MqqPXMZ4kEKEqxKi4u4WTLfQrda0/
ttkWEcqsg0eIfhiDzJBUmDmEwPaa3AUQpRrmv8VOlVU7QibT0Ri1zkBCjgs7a2wr
nLn3JM3+P1xFWYW70mL4BOct42UTzFa2K4/TqBnJCDYidM4ZxkTPHm8r9Q5NAgMB
AAGjggHTMIIBzzAdBgNVHQ4EFgQUdGIufb1ug5uYC4y7azI0EvrpLjcwHwYDVR0j
BBgwFoAUZgQonH454I4a4SVc7nPAW/2Z8+YwDgYDVR0PAQH/BAQDAgeAMFoGA1Ud
HwRTMFEwT6BNoEuGSXJzeW5jOi8vcnBraS5jby9yZXBvL0FTOTQ1LzEvNjYwNDI4
OUM3RTM5RTA4RTFBRTEyNTVDRUU3M0MwNUJGRDk5RjNFNi5jcmwwZQYIKwYBBQUH
AQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL2Rldi50dy9ycGtpL0F1Z3VzdC81
LzY2MDQyODlDN0UzOUUwOEUxQUUxMjU1Q0VFNzNDMDVCRkQ5OUYzRTYuY2VyMH0G
CCsGAQUFBwELBHEwbzBtBggrBgEFBQcwC4ZhcnN5bmM6Ly9ycGtpLmNvL3JlcG8v
QVM5NDUvMS8zMjYxMzEzMjNhNjQ2NDM0MzczYTM1NjQzMDMwM2EzYTJmMzQzMDJk
MzQzODIwM2QzZTIwMzEzOTM5MzkzNTM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsG
AQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhLdR10wDQYJKoZI
hvcNAQELBQADggEBAMjSfORLnSyLsFxuI/rBc3w0e37w/wDErJV4Vq5AgY/DH8tL
W3BzrjVSWxsJLnMIfCQX8ZwQeMbk8pQFFXZb5y6OlSoSSiHZlpwK0mfEZYGta42H
87xLVQfKnI22rOBKaykmIwl76Ioy25qPAiKedT+GuWZ5lYnF9VXjiqEycZN8RCgU
njofuzB6mMsEKZ5cadgxk2JlFf5akxhF76Oa+V9VVV65Ehj+K/OwAgU8+RvyzjLL
BlAZJB8+Dtb7hsTCiqnmjaMHXn+biAwN3WYGuohztnpNEnrq+SiVM2y+tw0Q3H1+
hRiP6ZQ9iyC4snVZPYc6gYW7FlS3+FcqLVp+vF0=
-----END CERTIFICATE-----